ScreenAware Privacy Policy

Hello there, I am Hinnerk, founder of ScreenAware. Great you are interested in how we handle the privacy/security of your personal data!

Note: I am writing this document without being a lawyer and using plain English. If you notice anything strange or misleading/lacking I would be very thankful if you send me a short message to help@screenaware.com. If you on the other hand are a lawyer and sue me over a formality I will hate you forever ;-)

As you may already be aware of, the goal of ScreenAware is to allow you to track the use of your screen time and relate this time to specific projects or clients of yours..

To be able to support the above use case (to fulfil our promise to you as a user) we are capturing, transmitting, processing, and storing data related to your computer usage which is inherently personal.Your trust means the world to us, so we do everything possible to treat your privacy and the security of your private data with the utmost respect.

The following sections outline how we ensure only data necessary for the above use case is processed, how we ensure your data is safe and in which cases we store more data and why we do so. The way we handle private information complies to the so called GDPR European privacy regulation (we are located in Germany anyway so would have to follow pretty strict privacy protection laws in either case).

relevant for you if you visit(ed) our marketing website located at www.screenaware.com or visit(ed) our activity dashboard located at app.screenaware.com

The ScreenAware marketing site basically displays static information which allows you to learn about the ScreenAware functionality, pricing, help pages etc. Some help texts are hosted by Intercom (see below) at help.screenaware.com.

The ScreenAware activity dashboard shows you how time spent in front of your computer relates to your (business) projects or clients. Additionally it allows you to configure how ScreenAware detects this project relation.

There is no active server logging in place (for the techies: load balancer and nginx logs being fully disabled) so no information regarding your visits to the above websites is being recorded with the exception of the two services below:

Intercom

We use the external service Intercom to keep an oversight over all communication we have with you. This includes the chat widget on the lower right of most pages as well as any email you may sent to help@screenaware.com.

Personal information about you is only stored once you use the chat widget in the lower right of the website or send an email to help@screenaware.com. In such cases the information transmitted to Intercom is:

your email address

any message you sent to us via email to help@screenaware.com as well as via the in-browser chat widget including time and date of when such a message was sent and if a reply from us was actually read by you.

your country and region of origin (granularity roughly next major city)

Google Analytics

We also use the external service Google Analytics to collect standard internet log information which basically means tracking which pages you visit on our websites. We do this to find out where things on our website might be confusing so we can improve texts and navigation. All such logged information is anonymized before being sent to Google servers (in particular your IP-address being shortened so it can not be traced back to you). A cookie is being sent to your browser to relate such page views over multiple sessions which allows us to for example see how many people come back to the website repeatedly but not who those people are.

Downloadable desktop activity tracker (sensor)

relevant for you if you downloaded and installed the ScreenAware desktop sensor executable file

The desktop sensor allows you (upon first start) to signup to the ScreenAware service. Here you provide your name and email address which is then sent to the ScreenAware servers. Additionally it periodically sends data concerning your desktop context (context snapshot) to the ScreenAware server to relate time you spend in front of the computer to your clients or projects. Lastly the desktop sensor may send certain log (telemetry) data to the ScreenAware server to assist us debugging in case you encounter an error or problem with the automatic time tracking mechanism.

After signing up with ScreenAware (which happens when you register your name, email, and password in the desktop sensor) we assign you a randomized unique identifier (userUuid) which looks like "efd6499a-7df1-4e80-b44a-7a74cd2f042f".

Submission of context snapshots to the ScreenAware server

The desktop sensor takes a "snapshot" every 5 seconds which describes your computer's work environment. Such a snapshot consists of:

for the window currently in the foreground:

process-name (e.g. "winword.exe" for Microsoft Office Word). This is necessary to attribute time to the correct project and category

window title (e.g. "20180601 Offer Medicvia - Word" for Microsoft Office Word). This is necessary to attribute time to the correct project and category

if the window is a web browser: URL of the active tab. This is also necessary to attribute time to the correct project and category

if the window is used to edit local files (e.g. Microsoft Word, Photoshop, IDE): local path and file name of the document opened in the active window tab. This is also necessary to attribute time to the correct project and category

your userUuid. This is necessary so only you have access to your data in the activity dashboard

hashed (anonymized) identifier for your computer. Looks like: d9657fc94baa23bc2e. This is necessary to detect cases where you run multiple installations of the desktop sensor in parallel on different computers so we don't track more than 60 minutes of time in one hour.

All such transmissions are encrypted using TLS.

Submission of Debug/Log information to the ScreenAware server

When encountering a problem or an unusual situation during its runtime, the desktop sensor may send debug/log information to the ScreenAware server. Additionally when adding a new feature to the desktop sensor, we may during the initial beta/test time of that feature send log data to determine whether the feature actually works as supposed to "out in the wilds". Such debug/log information may contain:

your userUuid. This is necessary so we can relate the problem to other communication we have with you (e.g. when you send us a mail reporting a problem)

platform (Windows/macOS) and version of the sensor. This is very helpful for us to diagnose the problem in question (macOS and Windows versions of the sensor behave quite differently on different versions of the operating system).

error-message. This helps to determine where in the program code of the desktop sensor the error occurred so we can apply a fix asap.

error stacktrace. This helps to determine where in the program code of the desktop sensor the error occurred so we can apply a fix asap.

feature-related-information such as "user clicked on that cool new blue button we added"

All such transmissions are encrypted using TLS.

How your data is being used

Usage of your Email

As part of the registration process for a ScreenAware account inside the desktop sensor, we collect your email address which might be used to:

send you transactional emails such as a daily project-time report or password-reset emails
For such transactional messages we use the external service Amazon AWS SES to actually send you the email. We gather (via AWS SES) statistics around email opening and clicks to help us monitor and improve the deliverability of these transactional emails. You can unsubscribe to general mailings at any time of the day or night.

contact you if we need to obtain or provide additional information, and check every now and then that you’re happy and satisfied.
Such emails are sent via the external service Intercom (see above).

We will never under any circumstances hand out your email to anyone else and will never send you unsolicited advertisement or spam mail.

Usage of your data from the sensor context snapshots

As outlined above these snapshots contain information of window process name, window title and possibly browser URL or path of opened local file. The ScreenAware server aggregates this data and relates snapshots (active time you spent in front of the computer) to your projects or clients. After this aggregation the condensed information is saved on a ScreenAware server (see below).

The aggregated data is only used to

show you information on how you spent your screen time at app.screenaware.com

send you a daily email listing time spent by project/client

Under no circumstance will we make your personal data from the sensor context snapshots available to any third party or use it ourselves for any purpose besides the two points above.

How your data is stored and secured

ScreenAware stores the following personal information about you (generated/gathered as outlined above)

You as a user/customer

your email

your name

your password as a salted hash (your actual password is never stored anywhere)

Your project meta-information

Project name

Project keywords

Your activity data (aggregated time span data as mentioned above)

start of time span

duration (i.e. end of) time span

process name of application you used during the time span

project relation (if one could be determined)

broad category ("Business", "Development", "Research" etc.)

Label for the time span. This is something like "Edited filename.docx" or "visited domain bbc.com". Note that more detailed data from the windows titles or urls/filesnames gathered by the desktop context snapshots is not stored.

All your personal data mentioned above is stored on ScreenAware servers in ISO/IEC 27001:2013 certified data centers in Germany operated by DigitalOcean (Digital Ocean, 1875 S Grant Street, Suite 530, San Mateo, CA 94402, USA. Data centre Frankfurt).
When your data is being transferred between servers inside the data center, this transmission is only performed over an encrypted TLS connection. Only ScreenAware employees who have been schooled regarding data security and privacy have access to the underlying databases and infrastructure.

Export of all your personal data

You can send me an email to help@screenaware.com asking for a full export of all your personal data in machine readable form (JSON and CSV depending on the type of data). The full export will usually be provided to you on the same business day, but at the very latest 4 business days after requesting a full export.

Deletion of all your personal data

When you stop using ScreenAware (that is e.g. uninstall the desktop sensor), all your personal data outlined above will be automatically and irrevocably deleted after 2 months of inactivity both from ScreenAware systems as well as from all external systems mentioned above. We will send you a notification email 1 week before this happens so you could intervene and prevent the automatic deletion if you want.
You can also send me an email to help@screenaware.com asking for immediate permanent deletion of all of your personal data (which will usually happen on the same business day, but at the very latest 4 business days after requesting deletion).

Changes to this privacy policy

Any changes we may make to this privacy policy from time to time will be posted on this page. If anything more substantial than the correction of a spelling mistake or adding of a minor clarification changes, I will notify you by email outlining the differences side-by-side.